Re: [PATCH net-next v3 4/4] net: Identifier Locator Addressing module

2015-08-17 Thread David Miller 
From: Tom Herbert t...@herbertland.com
Date: Mon, 17 Aug 2015 11:59:17 -0700

 +static int ila_build_state(struct net_device *dev, struct nlattr *nla,
 +struct lwtunnel_state **ts)
 +{
 + struct ila_params *p;
 + struct nlattr *tb[ILA_ATTR_MAX + 1];
 + size_t encap_len = sizeof(*p);
 + struct lwtunnel_state *newts;
 + int ret;
 +
 + ret = nla_parse_nested(tb, ILA_ATTR_MAX, nla,
 +ila_nl_policy);
 + if (ret  0)
 + return ret;
 +
 + newts = lwtunnel_state_alloc(encap_len);
 + if (!newts)
 + return -ENOMEM;
 +
 + newts-len = encap_len;
 + p = ila_params_lwtunnel(newts);
 +
 + if (!tb[ILA_ATTR_LOCATOR])
 + return -EINVAL;

This final error check leaks 'newts'.

You should probably just validate that ILA_ATTR_LOCATOR is present
before allocating any resources at all.
--
To unsubscribe from this list: send the line unsubscribe netdev in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[PATCH net-next v3 4/4] net: Identifier Locator Addressing module

2015-08-17 Thread Tom Herbert 
Adding new module name ila. This implements ILA translation. Light
weight tunnel redirection is used to perform the translation in
the data path. This is configured by the ip -6 route command
using the encap ila locator option, where locator is the
value to set in destination locator of the packet. e.g.

ip -6 route add :0:0:1::0:1:0/128 \
  encap ila 2001:0:0:1 via 2401:db00:20:911a:face:0:25:0

Sets a route where :0:0:1 will be overwritten by
2001:0:0:1 on output.

Signed-off-by: Tom Herbert t...@herbertland.com
---
 include/uapi/linux/ila.h  |  15 +++
 include/uapi/linux/lwtunnel.h |   1 +
 net/ipv6/Kconfig  |  19 
 net/ipv6/Makefile |   1 +
 net/ipv6/ila.c| 216 ++
 5 files changed, 252 insertions(+)
 create mode 100644 include/uapi/linux/ila.h
 create mode 100644 net/ipv6/ila.c

diff --git a/include/uapi/linux/ila.h b/include/uapi/linux/ila.h
new file mode 100644
index 000..7ed9e67
--- /dev/null
+++ b/include/uapi/linux/ila.h
@@ -0,0 +1,15 @@
+/* ila.h - ILA Interface */
+
+#ifndef _UAPI_LINUX_ILA_H
+#define _UAPI_LINUX_ILA_H
+
+enum {
+   ILA_ATTR_UNSPEC,
+   ILA_ATTR_LOCATOR,   /* u64 */
+
+   __ILA_ATTR_MAX,
+};
+
+#define ILA_ATTR_MAX   (__ILA_ATTR_MAX - 1)
+
+#endif /* _UAPI_LINUX_ILA_H */
diff --git a/include/uapi/linux/lwtunnel.h b/include/uapi/linux/lwtunnel.h
index 31377bb..04bac3b 100644
--- a/include/uapi/linux/lwtunnel.h
+++ b/include/uapi/linux/lwtunnel.h
@@ -7,6 +7,7 @@ enum lwtunnel_encap_types {
LWTUNNEL_ENCAP_NONE,
LWTUNNEL_ENCAP_MPLS,
LWTUNNEL_ENCAP_IP,
+   LWTUNNEL_ENCAP_ILA,
__LWTUNNEL_ENCAP_MAX,
 };
 
diff --git a/net/ipv6/Kconfig b/net/ipv6/Kconfig
index 643f613..983bb99 100644
--- a/net/ipv6/Kconfig
+++ b/net/ipv6/Kconfig
@@ -92,6 +92,25 @@ config IPV6_MIP6
 
  If unsure, say N.
 
+config IPV6_ILA
+   tristate IPv6: Identifier Locator Addressing (ILA)
+   select LWTUNNEL
+   ---help---
+ Support for IPv6 Identifier Locator Addressing (ILA).
+
+ ILA is a mechanism to do network virtualization without
+ encapsulation. The basic concept of ILA is that we split an
+ IPv6 address into a 64 bit locator and 64 bit identifier. The
+ identifier is the identity of an entity in communication
+ (who) and the locator expresses the location of the
+ entity (where).
+
+ ILA can be configured using the encap ila option with
+ ip -6 route command. ILA is described in
+ https://tools.ietf.org/html/draft-herbert-nvo3-ila-00.
+
+ If unsure, say N.
+
 config INET6_XFRM_TUNNEL
tristate
select INET6_TUNNEL
diff --git a/net/ipv6/Makefile b/net/ipv6/Makefile
index 0f3f199..2c900c7 100644
--- a/net/ipv6/Makefile
+++ b/net/ipv6/Makefile
@@ -34,6 +34,7 @@ obj-$(CONFIG_INET6_XFRM_MODE_TUNNEL) += xfrm6_mode_tunnel.o
 obj-$(CONFIG_INET6_XFRM_MODE_ROUTEOPTIMIZATION) += xfrm6_mode_ro.o
 obj-$(CONFIG_INET6_XFRM_MODE_BEET) += xfrm6_mode_beet.o
 obj-$(CONFIG_IPV6_MIP6) += mip6.o
+obj-$(CONFIG_IPV6_ILA) += ila.o
 obj-$(CONFIG_NETFILTER)+= netfilter/
 
 obj-$(CONFIG_IPV6_VTI) += ip6_vti.o
diff --git a/net/ipv6/ila.c b/net/ipv6/ila.c
new file mode 100644
index 000..fd9498d
--- /dev/null
+++ b/net/ipv6/ila.c
@@ -0,0 +1,216 @@
+#include linux/errno.h
+#include linux/ip.h
+#include linux/kernel.h
+#include linux/module.h
+#include linux/skbuff.h
+#include linux/socket.h
+#include linux/types.h
+#include net/checksum.h
+#include net/ip.h
+#include net/ip6_fib.h
+#include net/lwtunnel.h
+#include net/protocol.h
+#include uapi/linux/ila.h
+
+struct ila_params {
+   __be64 locator;
+};
+
+static inline struct ila_params *ila_params_lwtunnel(
+   struct lwtunnel_state *lwstate)
+{
+   return (struct ila_params *)lwstate-data;
+}
+
+static inline __wsum compute_csum_diff8(const __be32 *from, const __be32 *to)
+{
+   __be32 diff[] = {
+   ~from[0], ~from[1], to[0], to[1],
+   };
+
+   return csum_partial(diff, sizeof(diff), 0);
+}
+
+static inline __wsum get_csum_diff(struct ipv6hdr *ip6h, struct ila_params *p)
+{
+   return compute_csum_diff8((__be32 *)ip6h-daddr,
+ (__be32 *)p-locator);
+}
+
+static void update_ipv6_locator(struct sk_buff *skb, struct ila_params *p)
+{
+   __wsum diff;
+   struct ipv6hdr *ip6h = ipv6_hdr(skb);
+   size_t nhoff = sizeof(struct ipv6hdr);
+
+   /* First update checksum */
+   switch (ip6h-nexthdr) {
+   case NEXTHDR_TCP:
+   if (likely(pskb_may_pull(skb, nhoff + sizeof(struct tcphdr {
+   struct tcphdr *th = (struct tcphdr *)
+   (skb_network_header(skb) + nhoff);
+
+   diff = get_csum_diff(ip6h, p);
+   inet_proto_csum_replace_by_diff(th-check, skb,
+